FortiCloud & FortiDeploy
Transcript of FortiCloud & FortiDeploy
Roberto NARETTO
System Engineer - IT Security
FortiCloud & FortiDeploy: Zero-touch Management Solution for FGT and FAP Devices
Introduction
Cloud as a Service
Agenda
FortiCloud in Action
Scalability
FortiDeploy in Action
Q&A
Coming Soon
Introduction
FortiCloud: The Unknown
FortiCloud
[Diagram: Hosted FortiCloud Management linked to San Jose (Headquarters), New York (Branch Office) and Las Vegas (Branch Office); labels: security policies, firmware updates, wireless settings, zero touch provisioning]
Centralized Management as a Service
Cloud-Based Management
• Singular hosted console for managing wireless & security devices
• Dashboards for both wireless (FortiAP) and security (FortiGate)
• No setup fees; service is free of charge w/ no recurring expenses
Zero Touch Provisioning
• Simple provisioning makes initial deployment much less complex
• Use included key to register a device to your FortiCloud account
• Bulk deployment options for mapping many FortiAPs to FortiCloud
Integrated Security
• Configure wireless security modes, encryption, authentication, etc.
• Detection of rogue APs + WIDS facilitates PCI compliance
• Offloads suspicious files to cloud sandbox for analysis
Reporting and Visibility
• Wireless/security log filtering and drill-down capabilities
• Built-in FortiView forensics for app/web/threat usage stats
• Includes pre-defined PDF reports with chart visualizations
FortiCloud: How It Works
• Logging enabled by default (no user traffic, logs only)
• All devices are managed directly
• APs can be grouped
Challenge: Setting up a cost-effective, highly available logging and management infrastructure for security and wireless devices
FortiWiFis (Firewalls with Wireless)
FortiAPs can be grouped and configured as logical units and locations
Device settings can be managed directly from the FortiCloud hosted management console
FortiGates (Firewalls)
FortiCloud
FortiAPs (Access Points)
LOGS
Application and security logs are sent to FortiCloud
Provisioning with FortiCloud
Enterprise HQ
Branch Offices (or Retail Stores)
FortiManager
FGT-111
FGT-222
FWF-333
FWF-444
IT admin logs into FortiCloud, enters bulk FortiCloud key and configures FortiManager IP to assign as devices come online
Deployed devices “phone home” to FortiCloud and are assigned the specified FortiManager IP
IT admin
FortiCloud
Now that devices are being managed, IT admin can push firewall policies and configurations down to FortiGates/FortiAPs directly
Challenge: Deploying security/wireless infrastructure at remote locations (with limited on-site expertise) while centrally managing configuration/reporting functions
Cloud-based Sandboxing with FortiCloud
Challenge: Detecting unknown malware and/or zero-day attacks & preventing them from compromising your network (ultimately culminating in data exfiltration)
FortiCloud
Enterprise HQ
IT admin
FortiGuard Labs
FortiGate detects a suspicious file with an unknown payload
Copy of file is sent to FortiCloud for further inspection and is executed in a sandboxed environment
Branch Office Firewall
If further analysis is required, file is sent to FortiGuard Labs for deconstruction and signature creation
Any new FortiGate protection updates are now available to FortiGuard subscribers worldwide
IT administrator can view FortiCloud management UI at any time for an updated determination status
Artifact Monitoring
FortiCloud and FortiDeploy Licenses
Extending Storage with a FortiCloud License
Follow the Instructions
❶ Buy as many licenses as there are devices to manage
Example: with 3 managed FGTs
Qty | SKU | Description
3 | FC-10-90801-131-02-12 | 1-year FortiCloud… (activate with reseller contract on support.fortinet.com)
Note: The FortiCloud license is needed only when customers want to increase their monthly per-device capacity from 1 GB to 200 GB/year or when they want more flexibility in creating reports.
Pairing FortiDeploy with Devices
Follow the Instructions
❶ Add as many FortiGates, FortiWiFis or FortiAPs to the purchase order as needed
❷ Add the FortiDeploy SKU to the same PO
Example: with 20 FortiAPs
Qty | SKU | Description
20 | FAP-221C-A | Indoor wireless AP…
20 | FC-10-P0225-311-02-DD | 8x5 FortiCare Contract
1 | FDP-SINGLE-USE | Enables zero touch bulk provisioning…
Note: There is a nominal cost associated with FortiDeploy, so make sure all FortiGates / FortiWiFis / FortiAPs are on the same PO.
Joining FortiCloud
www.forticloud.com
FortiCloud as Management Station
Setup Wizard
FortiCloud in Action
Hosted Management with FortiCloud
Minimize your capital investment: FortiCloud hosted management takes the worry out of deployment, log storage and on-site expertise without compromising security or ease of use
Control your wired OR wireless network simply: Single pane of glass management utilizing a SaaS model makes it painless to manage devices of any type whether they’re firewalls, access points or somewhere in between
Challenge: Upfront investments in management solutions can be costly and may only manage specific devices
Network Visibility with FortiCloud
Immediate network analysis: Utilizing a dashboard interface, IT administrators can get an instantaneous snapshot of the health and activity of their overall network usage
Incident management made easy: Inspect risks to your network with FortiView to assist with threat prevention and oversight of application usage
Challenge: Advanced analytics and risk analysis are typically features out of reach for smaller businesses and can be costly add-ons for larger enterprises
Managed Wireless with FortiCloud
Wireless at your fingertips: Quickly determine wireless health, discover access point locations and modify AP device settings with a hosted FortiCloud cloud-based interface – all with no additional fees
Challenge: Cloud managed wireless typically invokes a limited feature set for an exorbitant subscription fee per device
Wireless PCI Compliance with FortiCloud
Challenge: All point of sale and credit card transactions mandate strict security standards (especially using wireless), but ensuring all of the infrastructure pieces deliver on this objective can be trying
Out of the box PCI compliance: FortiCloud with FortiAP provides rogue AP detection, WIDS and scheduled reporting – all key tenets of PCI
Comparisons
FortiCloud Feature Comparison
Capability | Fortinet | Aerohive | Aruba | Meraki
Cloud-based Mgmt | � | � | � | �
Zero Touch Provisioning | � | � | � | �
Device Firmware Updates | � | � | � | �
Drill-down Visibility | � | � | � | �
Historical Reporting | � | Limited | � | �
Wireless AP Integration
Multi-site Management | � | � | $ | �
Captive Portal | � | � | $ | �
Authentication (RADIUS) | � | � | � | �
Authentication (Cloud) | � | $ | � | $
Multiple SSIDs per AP | � | � | $ | $
Security Integration
Firewall Policy Mgmt | � | � | � | �
ATP Sandboxing | � | � | � | �
Rogue AP Detection | � | � | � | �
FortiCloud vs FortiAnalyzer Comparison
Capability | FortiCloud | FortiAnalyzer
Per device licensing | Free, subscription optional | Max device limit by models (up to 10,000)
Form factor | Cloud-based SaaS | Hardware or VM
Granular admin access profiles | Limited | �
Supports external authentication for admin access | � | �
Disk quota | 1GB per device with valid FortiCare, additional storage contract allows 200GB per device | Variable; quotas can be assigned to each device based on available storage
Advanced report configuration | Yes, with subscription | �
Centralized logging | Real-time and batch uploads | Real-time and batch uploads
Cloud-based sandboxing | � | �
FortiCloud vs FortiManager Comparison
Capability | FortiCloud | FortiManager
Per device licensing | Free, subscription optional | Max device limit by models (up to 10,000)
Zero touch provisioning | � | Integrated with FortiCloud, but not possible via FortiManager itself
Form factor | Cloud-based SaaS | Hardware or VM
Granular admin access profiles | Limited | �
Multi-tenancy capabilities | � | �
Supports external authentication for admin access | � | �
FortiGuard proxy (FDS) capabilities | � | �
Device firmware updates | Limited | �
Configuration management | Limited, per device only | Full provisioning profiles & multi-device management
Security policy management | Remote access to device UI only | Integrated multi-device object library/policies
Exposed APIs for automation and customization | � | �
FortiCloud Free vs. Subscription Comparison
Capability | FortiCloud Free | FortiCloud Subscription
Firewall Interoperability | � | �
Wireless AP Interoperability | � | �
Device Logging | � | �
Device Management | � | �
Device Provisioning | Built-in support, FortiDeploy purchase required for devices | Built-in support, FortiDeploy purchase required for devices
Device Reporting �
Max Storage (per Device) | 1 GB | 200GB
Daily Limit on Log Storage (per Device) | 100 MB | Unlimited
Generate Reports | � | �
Schedule Reports | � | �
Customize Reports | � | �
Case History
Use Case: Small Business (Managed Security)
Company and Challenge
• Small artisan jewelry business with three stores
• IT infrastructure managed by the owner
• Had previously purchased three FortiGates, but could not afford the upfront cost of a FortiManager
Why We Won
• FortiCloud filled a substantial management need that was a maintenance cost (OPEX)
• The owner wanted a simple management console with more features
• Should the business grow, it must be possible to integrate with FortiManager
What They Bought
• FortiCloud (200GB subscription), FortiGates
FortiCloud
Boutique A
External IT Contractor
Boutique B
Boutique C
Use Case: Distributed Enterprise (Cloud-Managed Wireless)
Organization and Challenge
• One of the top shoe retailers in the world with 4,000+ stores throughout the Americas
• Retailer wished to consolidate vendor relationships and present a wireless enabled showcase which stores could replicate and roll out
Why We Won
• FortiCloud’s provisioning capabilities for both wired and wireless devices
• Consolidated, single pane of glass management capabilities
• Breadth of complementary solution set
What They Bought
• FortiCloud (FortiDeploy), FortiAPs, FortiWiFis, FortiGates, FortiManager & FortiAnalyzer
Deployment Team
4,000+ Retail Locations
Security Operations Team
Corporate HQ
FortiCloud
Next Steps
Try It Yourself!
❶ Create a new FortiCloud account
❷ Log in to FortiCloud through the dedicated widget on your FortiGate/FortiWiFi
Alternatively, go to www.forticloud.com and click the “Live Demo” link
http://video.fortinet.com/video/131/manage-fortiap-from-forticloud
Frequently Asked Questions: FortiCloud + Wireless
Q: How can I evaluate features of FortiCloud wireless?
A: Without trialing a FortiAP, prospective customers can still look at the FortiCloud website (www.forticloud.com) and click on the “live demo” link
Q: Why is Fortinet better than competitive wireless vendors?
A: While there are some wireless vendors dabbling in security, there are very few security vendors with proven, mature wireless products like Fortinet
Q: Where can I get more information on FortiCloud or FortiAPs?
A: For more information on FortiCloud, refer to the FortiCloud FAQ; the Fortinet website (www.fortinet.com) is the best place to find information on FortiAPs
Frequently Asked Questions: FortiCloud + Security
Q: What happens when the log volume reaches its storage limit?
A: Earlier logs are deleted (FIFO) in order to keep storage adjusted for licensing (1 GB for FortiCloud free and 200 GB for FortiCloud annual subscription)
Q: How much does the FortiCloud sandboxing feature cost?
A: There is an additional license for this service not bundled (from 85 to 240 € in SMB): FC-10-00XXX-123-02-12 FortiGuard FortiSandbox Cloud Service
Q: How is my log data secured?
A: All log communications are encrypted between your FortiGates and the FortiCloud hosted service
Q: Can I view log information in aggregate from several firewalls?
A: We recommend FortiAnalyzer for deployments requiring advanced capabilities such as log aggregation, extended retention and event management (alerting)
Q & A
[email protected] – System Engineer Exclusive Networks Italy
What We Are Preparing for You
https://attendee.gotowebinar.com/register/818193147830114050
https://attendee.gotowebinar.com/register/8203592960392342786
Thank you!